free page hit counter
Click the banner for the site map of NoticeBored.com, the information security awareness service
Phishing resources

Attention please beware that there are current reports

General [anti-] phishing resources

Added for June's module Wikipedia’s entry on phishing lists a hundred reference sources for the full nine yards.

Added for June's module The Honey Stick Project is performing ‘research related to computer user actions that provide insights into security awareness, as well as other security issues affecting individuals and business organizations’ by planting USB sticks in public places. Instead of taking over victim’s IDs with malware when autorun, the sticks evidently ‘phone home’.

Added for June's module PhishMe is not a phishing site but an awareness initiative, helping organizations set up fake phishing emails to send to their own employees. Instead of directing victims to a fake banking site to steal their details, emails send them to a phishing awareness information page.

Added for June's module The Internet Crime Complaint Center (IC3) is backed by the Federal Bureau of Investigation (FBI), the National White Collar Crime Center (NW3C) and the Bureau of Justice Assistance (BJA). IC3 accepts online Internet crime complaints directly from either the person who believes they were defrauded or from a third party.

Added for June's module Bank Safe Online is a public awareness initiative backed by the UK banking industry. Read their consumer guides on phishing and money mulesOnGuardOnline is a similar initiative backed by the US Government, guiding consumers on how to avoid phishing, including 3 free security awareness videos (one / two / three). (Also available in Spanish). eBay has a tutorial on spotting scams and spoofs.

Added for June's module Free anti-phishing browser toolbars include CallingID, SiteAdvisor (free version has limited functionality), TrustWatchNetcraft,

Added for June's module Payment News, a newsletter-style website for the financial services industry, has a section dedicated to phishing news.

Added for June's module Content Verification Certificates can be used to certify the integrity and authenticity of websites, giving confidence to consumers that they are not interacting with fake phishing sites. Identity Cues uses visual reminders linked to user’s login details for the same purpose.

Added for June's module Phishtank is a clearing house for information on phishing sites reported by the public. 

New hot The Anti-Phishing Work Group primarily supports organizations that are being used as lures for phishing attacks. The community includes people who are fighting phishers all the time - there’s an immense amount of experience to share with those who are new at all this.

Recommended resource Take a look at page 49 of the NCL ‘call for action’ report for an excellent big picture overview from Microsoft of how phishing and other forms of identity theft actually work.

Fraud Watch International is an Australian anti-fraud initiative.

Find out how phishers can obscure phishing website addresses using decimal or hexadecimal URLs, @ symbols and other tricks.

An FTC Consumer Alert provides advice on not getting hooked by a phishing scam.

The US Financial Services Technology Consortium has information on the Anti-Phishing Consumer Protection Act of 2008.

WARNING: Internet pirates are trying to steal your personal financial information is a tri-fold leaflet on phishing from the US Treasury Department.

Symantec’s Phish Report Network is a anti-fraud community whose members (both organizations and individuals) submit spoofed/fraudulent Web sites for alerting/blocking by browser toolbars, web mail services , anti-spam and similar products. Law enforcement representatives also participate, allowing members to report fraud sites for criminal investigation at the same time. CastleCops has a similar community.

McAfee published a best practice guide to phishing controls in 2004.

Phishing incidents

Added for June's module 38 people have been arrested in the US and Romania in connection with phishing scams targeting customers of People’s Bank, Citibank, Capital One, PayPal and others. The US indictments included conspiracy to violate the Racketeer Influenced and Corrupt Organizations (RICO) Act; conspiracy in connection with access devices; unauthorized access to a protected computer; bank fraud (with a maximum term on conviction of 30 years); and aggravated identity theft.

Related NoticeBored links collections

See also the identity theft links page

NB: we do not necessarily endorse or agree with the third party websites accessible through the links. Use at your own risk. Please let us know about new or broken links.
NB homeLinks collection > Phishing >

Copyright © 2008 IsecT Ltd.